Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Symantec Intelligence
Showing posts tagged with business intelligence
Showing posts in English
Paul Wood | 08 Oct 2012 | 1 comment

In this month’s report, we take a look at an often-overlooked side of malicious code: how attackers administer the Web servers that they use to spread spam and malicious code. We highlight a PHP-based tool in particular that is often used to control and manipulate the configuration of these Web servers.

The tool can run arbitrary PHP code, brute force file transfer and database accounts, and even allows quick access to Web server configuration files so that the attacker can edit them in order to suit their malicious needs. The attacker can easily obfuscate his or her code, making its function less apparent if viewed by the legitimate server admins. We’ve witnessed this tool being used to create spam-related websites and hosting exploit pages to compromise further computers.

We also take a look at a rather interesting Android application that attempts to trick the user into thinking that they can charge their device with nothing but the rays of the sun. The...